|
|
You're in the
iis security
group:iis5.log
iis security:
Noticed that I had a log for the iis5.log and was wondering why that would be. I do not have the services started and for some reason it seems to be active on occasion while looking at the file. Does anyone know if this could mean that the PC is comprimised?
Jeff,
Thank you I'll look into uninstalling the product. I'm sure I can find some info on how to do that. Mike [quoted text, click to view] >-----Original Message-----
>On Mon, 28 Jun 2004 06:32:42 -0700, "Mike" <wuffman2@yahoo.com> wrote: > >>Noticed that I had a log for the iis5.log and was >>wondering why that would be. I do not have the services >>started and for some reason it seems to be active on >>occasion while looking at the file. > >It's an installation log, not a log of accesses. > >>Does anyone know if this could mean that the PC is >>comprimised? > >Probably not. But if you don't have the service started, and you >don't use IIS, why is it loaded on the system? Remove it if you don't >use it. > >Jeff >.
[quoted text, click to view]
On Mon, 28 Jun 2004 06:32:42 -0700, "Mike" <wuffman2@yahoo.com> wrote: >Noticed that I had a log for the iis5.log and was >wondering why that would be. I do not have the services >started and for some reason it seems to be active on >occasion while looking at the file. It's an installation log, not a log of accesses. [quoted text, click to view] >Does anyone know if this could mean that the PC is >comprimised? Probably not. But if you don't have the service started, and you don't use IIS, why is it loaded on the system? Remove it if you don't use it.
[quoted text, click to view]
On Mon, 28 Jun 2004 09:07:05 -0700, "Mike" <wuffman2@yahoo.com> wrote: >Jeff, > >Thank you I'll look into uninstalling the product. I'm >sure I can find some info on how to do that. Add/remove Programs -> Windows Components. Jeff [quoted text, click to view] >Mike
>>-----Original Message----- >>On Mon, 28 Jun 2004 06:32:42 -0700, "Mike" ><wuffman2@yahoo.com> wrote: >> >>>Noticed that I had a log for the iis5.log and was >>>wondering why that would be. I do not have the >services >>>started and for some reason it seems to be active on >>>occasion while looking at the file. >> >>It's an installation log, not a log of accesses. >> >>>Does anyone know if this could mean that the PC is >>>comprimised? >> >>Probably not. But if you don't have the service >started, and you >>don't use IIS, why is it loaded on the system? Remove >it if you don't >>use it. >> >>Jeff >>. >>
Jeff, You mentioned to uninstall the product. I checked the Windows area and it is not installed. However, today once again I have a log file for the install of IIS. The contents are included in the message. Do you have any ideas what is loading this? [7/3/2004 8:18:22] LogFile Open. [***** Search on FAIL/MessageBox keywords for failures *****]. [7/3/2004 8:18:22] Initial thread locale=409 [7/3/2004 8:18:22] returned from France fix with locale 409 [7/3/2004 8:18:22] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE) [7/3/2004 8:18:22] OC_INIT_COMPONENT:[iis,(null)] Start. [7/3/2004 8:18:22] OC_INIT_COMPONENT:7/5/2003 2:42:48 A_______ 5.0.2195.6681: 5.00.0984: x86: C:\WINNT\system32\Setup\iis.dll [7/3/2004 8:18:22] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='') [7/3/2004 8:18:22] OC_INIT_COMPONENT:CmdLine="C:\WINNT\system32\sysocmgr.exe" /i:C:\WINNT\system32\sysoc.inf [7/3/2004 8:18:22] OC_INIT_COMPONENT:DebugLevel=3. [7/3/2004 8:18:22] OC_INIT_COMPONENT:DebugValidateHeap=1. [7/3/2004 8:18:22] OC_INIT_COMPONENT:GlobalFastLoad=1. [7/3/2004 8:18:23] OC_INIT_COMPONENT:OldWWWRoot=''. Does not exist. we'll use the default. WARNING. [7/3/2004 8:18:23] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING. [7/3/2004 8:18:23] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not exist. we'll use the default. WARNING. [7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): DisableUserAccountRestore Not found. WARNING. code=0x2 [7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): DisableUserAccountRestore Not found. WARNING. code=0x2 [7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): DisableUserAccountRestore Not found. WARNING. code=0x2 [7/3/2004 8:19:57] OC_CLEANUP:DebugLevel=3. [7/3/2004 8:19:57] OC_CLEANUP:DebugValidateHeap=1. [7/3/2004 8:19:57] OC_CLEANUP:GlobalFastLoad=1. [7/3/2004 8:19:57] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0 [7/3/2004 8:19:57] OC_CLEANUP: --- Display status of services which are required for IIS to run --- [7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation]. [7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [RpcSs]. [7/3/2004 8:19:57] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp]. [7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [EventLog]. [7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [ProtectedStorage]. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=79... [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:Start. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=45... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1 [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=45... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1 [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:Start. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=41... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:Start. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_in f)Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_in f].End.Ret=1. [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:DisableServerAccountRestore_off_inf:End. [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:DisableServerAccountRestore_off_do:End.return=1 [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:Start. [7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start. [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_i nf)Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_i nf].End.Ret=1. [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End. [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1 [7/3/2004 8:19:57] OC_CLEANUP:Calling ProcessSection:PopOldServerAcctRestoreValue:End.return=1 [7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start. [7/3/2004 8:19:57] OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1 .. [7/3/2004 8:19:57] OC_CLEANUP:Calling InstallInfSection:OC_CLEANUP_RegClean_inf:End. [7/3/2004 8:19:57] OC_CLEANUP:[iis,(null)] End. Return=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:======================= [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=1 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=1 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0 [7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
[quoted text, click to view]
On Sat, 03 Jul 2004 18:22:59 -0700, Mike R <wuffman2@yahoo.com> wrote: >You mentioned to uninstall the product. I checked the Windows area and >it is not installed. However, today once again I have a log file for >the install of IIS. The contents are included in the message. Do you >have any ideas what is loading this? Nope. But whatever you or something did at 8:18 am launched a command line install. This is past an IIS security issue if you're not running anything. Jeff [quoted text, click to view] >[7/3/2004 8:18:22] LogFile Open. [***** Search on FAIL/MessageBox
>keywords for failures *****]. >[7/3/2004 8:18:22] Initial thread locale=409 >[7/3/2004 8:18:22] returned from France fix with locale 409 >[7/3/2004 8:18:22] OC_PREINITIALIZE:[iis] End. Return=1 >(OCFLAG_UNICODE) >[7/3/2004 8:18:22] OC_INIT_COMPONENT:[iis,(null)] Start. >[7/3/2004 8:18:22] OC_INIT_COMPONENT:7/5/2003 2:42:48 A_______ >5.0.2195.6681: 5.00.0984: x86: C:\WINNT\system32\Setup\iis.dll >[7/3/2004 8:18:22] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='') >[7/3/2004 8:18:22] >OC_INIT_COMPONENT:CmdLine="C:\WINNT\system32\sysocmgr.exe" >/i:C:\WINNT\system32\sysoc.inf >[7/3/2004 8:18:22] OC_INIT_COMPONENT:DebugLevel=3. >[7/3/2004 8:18:22] OC_INIT_COMPONENT:DebugValidateHeap=1. >[7/3/2004 8:18:22] OC_INIT_COMPONENT:GlobalFastLoad=1. >[7/3/2004 8:18:23] OC_INIT_COMPONENT:OldWWWRoot=''. Does not exist. >we'll use the default. WARNING. >[7/3/2004 8:18:23] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not >exist. we'll use the default. WARNING. >[7/3/2004 8:18:23] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not >exist. we'll use the default. WARNING. >[7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): >DisableUserAccountRestore Not found. WARNING. code=0x2 >[7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): >DisableUserAccountRestore Not found. WARNING. code=0x2 >[7/3/2004 8:18:23] OC_INIT_COMPONENT:CRegKey::QueryValue(): >DisableUserAccountRestore Not found. WARNING. code=0x2 >[7/3/2004 8:19:57] OC_CLEANUP:DebugLevel=3. >[7/3/2004 8:19:57] OC_CLEANUP:DebugValidateHeap=1. >[7/3/2004 8:19:57] OC_CLEANUP:GlobalFastLoad=1. >[7/3/2004 8:19:57] OC_CLEANUP:[iis,(null)] Start. 0x0,0x0 >[7/3/2004 8:19:57] OC_CLEANUP: --- Display status of services which are >required for IIS to run --- >[7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [LanmanWorkstation]. >[7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [RpcSs]. >[7/3/2004 8:19:57] OC_CLEANUP:SERVICE_STOPPED [NtLmSsp]. >[7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [EventLog]. >[7/3/2004 8:19:57] OC_CLEANUP:SERVICE_RUNNING [ProtectedStorage]. >[7/3/2004 8:19:57] OC_CLEANUP:ProcessSection.[OC_CLEANUP].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=79... >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:SNMP_W3SVC_chk_cleanup:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:ProcessSection.[SNMP_W3SVC_chk_cleanup].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=45... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:SNMP_W3SVC_chk_cleanup:End.return=1 >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:SNMP_MSFTPSVC_chk_cleanup:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:ProcessSection.[SNMP_MSFTPSVC_chk_cleanup].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=45... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:SNMP_MSFTPSVC_chk_cleanup:End.return=1 >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:PopOldServerAcctRestoreValue:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=41... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:DisableServerAccountRestore_off_do:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:ProcessSection.[DisableServerAccountRestore_off_do].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:DisableServerAccountRestore_off_inf:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles:(DisableServerAccountRestore_off_in >f)Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles.[DisableServerAccountRestore_off_in >f].End.Ret=1. >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:DisableServerAccountRestore_off_inf:End. >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:DisableServerAccountRestore_off_do:End.return=1 >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=5... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:PopOldServerAcctRestoreValue_off_do:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:ProcessSection.[PopOldServerAcctRestoreValue_off_do].Start. >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:PopOldServerAcctRestoreValue_off_inf:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles:(PopOldServerAcctRestoreValue_off_i >nf)Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles.[PopOldServerAcctRestoreValue_off_i >nf].End.Ret=1. >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:PopOldServerAcctRestoreValue_off_inf:End. >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:PopOldServerAcctRestoreValue_off_do:End.return=1 >[7/3/2004 8:19:57] OC_CLEANUP:Calling >ProcessSection:PopOldServerAcctRestoreValue:End.return=1 >[7/3/2004 8:19:57] OC_CLEANUP:...ProcessEntry:100=6... >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:OC_CLEANUP_RegClean_inf:Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles:(OC_CLEANUP_RegClean_inf)Start. >[7/3/2004 8:19:57] >OC_CLEANUP:InstallInfSection_NoFiles.[OC_CLEANUP_RegClean_inf].End.Ret=1 >. >[7/3/2004 8:19:57] OC_CLEANUP:Calling >InstallInfSection:OC_CLEANUP_RegClean_inf:End. >[7/3/2004 8:19:57] OC_CLEANUP:[iis,(null)] End. Return=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:======================= >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=1 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=1 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE >Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0 >[7/3/2004 8:19:58] OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |